Remote Control from behind Firewall

Right now my setup is as follows:
The DS server is on a private subnet and a firewall stands in between the DS server and the campus network. After opening the appropriate ports I was able to pull and push images, I am even able to do some basic production agent tasks (collect names, inventory) but am unable to file copy or remote control. I am using wireshark to troubleshoot the issue and it seems that the external altiris IP is telling the aclient agent to connect to the remote control address of the INTERNAL (10.10.x.x.) IP. I actually tracked down the specific packet where the altiris server is telling the client to respond back at the unroutable IP. Obviously this will not work and I need the remote control agent to talk to the external altiris IP, all other services seem to be working fine though this. Is there some setting i need to switch to make this happen?

The only thing I see are the altiris agent settings which is currently indicating the proper DS external IP address. I also have made sure to open ports 5001,5002 on the firewall and these are specified in the Global DS options.